[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Phpgroupware-developers] security
From: |
Michael Dean |
Subject: |
RE: [Phpgroupware-developers] security |
Date: |
31 Oct 2002 19:51:25 -0600 |
They are not talking about user credentials, but database credentials.
If that were encrypted, it would need to be reversible. User
credentials, however, can be encrypted one-way.
On Thu, 2002-10-31 at 18:56, Jose Cabrera wrote:
> Hello,
>
> "any encryption used would have to be reversible"
>
> This is not entirely true.
>
> Since header.inc.php is written to when installing phpGroupWare, just
> add some code to encrypt the password before it is written to the file.
>
> For the log in scripts, just have them use the same encryption on the
> user submission before comparing the user submission and what is on
> file.
>
> This is a small modification and is probably worth while.
>
> -Jose